Subscribe To CHiPSET

Monday, 29 September 2014

FREE WIFI = MAP OF NETWORK THREATS ?

-Arkodyuti Saha

Skycure hacked an iPhone in just a few minutes and the user was immediately convinced that network attacks were a problem. Though this was an extreme example,it's been a long been warning to all the readers about the dangers of public Wi-Fi networks and the prevalence of attacks that can silently sip your personal data without your knowledge Skycure's CEO and co-founder Adi Sharabani revealed a new tool that makes those invisible attacks a little easier to see. Just search a location on maps.skycure.com and you can see how many naughty networks are in your area. You might be surprised, or just plain horrified.

How it Works:

The site is built on Google Maps, so search for any location as you would normally. Skycure then searches through its database of known malicious networks, and places pins on the map for any nasty network its users have encountered in that area within the last six months. Results are shown within a red circle.

I find that being specific yields the best results. An address in Vellore yields far more useful data than a search for "Chennai,India." For broad searches like these, Skycure's search radius is just too small and centered apparently at random.

Not surprisingly, Skycure Maps works best in urban areas where there are lots of people and lots of Wi-Fi networks. Searching my hometown in 'Kolkata' turned up two results for the entire lower peninsula, both of which were (not surprisingly) at the railway station. Obviously, the big limitation of Skycure maps is the number of users the service can draw data from and where those users have been.

The data for the map is drawn anonymously from Skycure users. When a user connects to a network, Skycure tests it to see if everything is on the up and up. If it's not, a warning appears on the user's phone and the unsafe network is logged on Skycure's servers. Skycure uses this knowledge of malicious networks, the network's location, and the

network's hardware configuration, to better protect its users.

Skycure says that although the map's information comes from users, it's entirely anonymized. "We do not have any visibility to any data on your device, your emails, passwords, or the ability to do so," said Sharabani. "But we prevent the attackers from having the ability to do so."

What You'll See:

You can click each pin to see the name of the suspicious network, and a brief description of why it's dangerous. Sometimes, you'll see a Google Street View image, too. Sharabani says that the location of the Wi-Fi network is accurate to within a few meters, but not always. Search for the PC Mag offices and you'll see the malicious network used to test the Skycure app for my review.

You'll probably see the highest concentration of questionable Wi-Fi networks at airports. That's partly because these networks are sometimes configured without privacy in mind. More interesting is when a Boingo hotspot appears in the middle of a residential neighborhood. These networks are almost always fake. Attackers use the name of popular

wireless services to trick devices into automatically connecting to a malicious network.

At a glance, most of the pins on the map aren't malicious networks per-se but many have entries that say the network could potentially leak your

personal information.

From my experience using Skycure on my personal device, that seems accurate. To be clear: these networks should be avoided the same as overtly malicious ones.

A snap from CHiPSET ,G.D:1.0.

What Does it Mean?

Skycure Maps exists partly to promote its mobile app, but it's also to prove a point. "Attacks are happening everywhere," said Sharabani."Don't believe me. Search for it." He recommends that everyone, especially professionals traveling to conferences, scout around to get a feel for their network environment. Looking at the map, it's hard to disagree that the threats are real. In my hostel, Skycure found three networks that could

leak my personal information, and at least one that is outright dangerous. The next time someone asks me if they should be concerned about connecting to the Starbucks Wi-Fi, I'll just point them to this map.